Recommended Practice
Cybersecurity Considerations for Public Transit
Abstract
This recommended practice establishes considerations for public transit chief information officers interested in developing cybersecurity strategies for their organizations. It details practices and standards that address vulnerability assessment and mitigation, system resilience and redundancy, and disaster recovery.
Document History
| Document Number | Version | Publication Date | Publication | Related Information |
|---|---|---|---|---|
| APTA SS-ECS-RP-001-14 | Rev. 1 | 07/29/2022 | Published | Current |
| APTA SS-ECS-RP-001-14 | 10/17/2014 | Published | Superseded |
Keywords
advanced persistent attacks, cyber, cyber-assets, cybersecurity assessments, disaster recovery, enterprise cybersecurity, fallback, information security (INFOSEC), information and communication technology (ICT), information security, intrusion detection, redundancy, resilience, secure cloud, system penetration.
Summary
Cybersecurity is a growing concern for public transit managers, as control and management systems become increasingly dependent on information technology. These systems are vulnerable to increasingly sophisticated direct and indirect cyberattacks. The typical transit-based IT infrastructure comprises complex and interconnected components, subcomponents, and services. This complexity increases the exposure of these systems to threats. Given these increasing risks, the transit industry and its technology managers must take proper steps to ensure the security of their cybersystems. Working remotely has increased the risk of compromising electronic security perimeters. Transit organizations must prioritize cybersecurity control implementation and ongoing operations management.
Get Involved
Want to participate in the development of this document? Join the Working Group or Learn More
Related Documents
|
